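<?php
/**
 * Login handler: checks the posted username/password against the employee
 * table and, on success, populates the session and redirects to the
 * controller index. On failure it renders a small page that shows an alert
 * and sends the browser back to the login form.
 *
 * All request processing happens before any markup is emitted, so that
 * session_start(), session_regenerate_id() and header() can still send
 * HTTP headers without depending on output buffering.
 *
 * NOTE(review): the stored credential is compared against md5() of the
 * submitted password. Unsalted MD5 is not a password hash; migrating the
 * `mima` column to password_hash()/password_verify() (rehashing on the next
 * successful login) needs a coordinated data change and is not done here.
 * NOTE(review): the failure messages distinguish "unknown user", "wrong
 * password" and "no login permission", which lets a client tell valid
 * account names apart. They are kept as-is because they are user-facing
 * text; consider a single generic message.
 * NOTE(review): no attempt throttling or lockout is visible in this file.
 */
session_start();

include_once ("../config.php");
include_once '../connection.php';

// Accept only scalar string fields; a missing or array-valued field becomes
// the empty string instead of raising a notice or a TypeError further down.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$userpass = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? $_POST['userpass'] : '';
$userpass = md5($userpass);

// Markup echoed inside <body> when the login fails. Only fixed strings are
// appended to it; no request data is ever interpolated.
$login_script = '';

// Reject anything that is not 3-12 ASCII letters/digits. \z anchors at the
// very end of the input; a plain $ would also accept a trailing newline.
if (!preg_match('/^[0-9a-zA-Z]{3,12}\z/', $username)) {
	$login_script .= "<script language='javascript'>alert('用户名不存在！');location='/login';</script>";
} else {
	// Table name = configured prefix + fixed suffix.
	// $table_Prefix is presumably defined by ../config.php (confirm).
	$table_Suffix = "employee";
	$table = $table_Prefix . $table_Suffix;

	// NOTE(review): this reads every employee row, including credential
	// columns, to find one account. A parameterised lookup by `mid` would be
	// preferable, but do_query()'s interface is not visible from this file.
	$result = do_query("select * from $table");

	// Records whether the submitted username matched any row.
	$get_right_username = false;

	while ($result && ($row = mysqli_fetch_array($result))) {
		// Strict string comparison: with a loose == two numeric-looking
		// strings such as "0123" and "123" compare equal.
		if ((string) $row['mid'] !== $username) {
			continue;
		}

		$get_right_username = true;

		if ((string) $row['authority'] === "是") {
			// hash_equals() compares in constant time and never treats the
			// hex digests as numbers (a loose == makes "0e..." digests
			// compare equal to each other).
			if (hash_equals((string) $row['mima'], $userpass)) {
				// Issue a fresh session id on privilege change so that an id
				// fixed before authentication is not carried over.
				session_regenerate_id(true);

				$_SESSION['username']     = $row['name'];
				$_SESSION['department']   = $row['department'];
				$_SESSION['departmentid'] = $row['departmentid'];
				$_SESSION['mid']          = $row['mid'];
				$_SESSION['nid']          = $row['nid'];
				$_SESSION['quanxian']     = $row['quanxian'];
				$_SESSION['position']     = $row['position'];
				$_SESSION['utoken']       = $row['utoken'];

				header("Location: /controller/index.php");
				// Stop here so nothing else runs or is sent after the redirect.
				exit;
			} else {
				$login_script .= "<script language='javascript'>alert('密码错误！');location='/login/';</script>";
			}
		} else {
			$login_script .= "<script language='javascript'>alert('没有登录权限！');location='/login/';</script>";
		}
	}

	if (!$get_right_username) {
		$login_script .= "<script language='javascript'>alert('用户名不存在！');location='/login';</script>";
	}
}
?>
<!DOCTYPE html>
<html lang="zh-CN">
<head>

	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

</head>

<body>

系统载入中，请稍等...

<?php
// Fixed failure markup assembled above; empty when nothing needs to be shown.
echo $login_script;
?>

</body>
</html>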